ANALYSIS · 15 JUNE 2026

The Jurisdiction Does Not Move

On Friday the United States government switched off the most capable model Anthropic had ever made generally available, for every foreign person who might use it. That is not the CLOUD Act. It is something more useful to understand.

THE EVENT

What Friday actually was

On Friday 12 June, at 5:21 in the evening Eastern time, Anthropic received what it described as an export control directive from the United States government. The order denied access to its two most capable models, Fable 5 and Mythos 5, to any foreign national anywhere, inside the United States or outside it, including the company's own foreign national staff. Reporting attributes the letter to Commerce Secretary Howard Lutnick, working with the Commerce Department's Bureau of Industry and Security. Anthropic cannot check the citizenship of every user in real time, so to comply it did the only thing open to it. It switched both models off for everyone, while its other models stayed up. A product deployed to hundreds of millions of people went dark within hours of a government letter, three days after Fable 5 launched to the public.

THE MECHANISM

Export control is not the CLOUD Act

Read carefully what happened there, because the careless reading is the wrong one. This is not the CLOUD Act. The CLOUD Act compels a company to hand over data. This is export control, which governs who is permitted to receive a technology at all. Different statute, different machine, and I am not going to pretend they are the same one. But strip both down to the thing underneath and they share a single root. A company incorporated in the United States answers to the United States. The power runs through the company. It does not stop at a border, it does not care where the data centre sits, and it does not bend to where the customer happens to be. On Friday that power reached every foreign person on the planet through a single letter to a single company in San Francisco.

Here is the sentence the whole question turns on. The CLOUD Act reaches data by who incorporates the provider and not by where the data is stored. This is not my gloss on the law. The statute itself, at title 18 section 2713 of the US Code, requires a covered provider to disclose data within its possession, custody, or control, in the words of the Act, regardless of whether that information is located within or outside of the United States. Say it slowly, because almost every comfortable assumption in the sovereignty market lives on the wrong side of that line. Australian residency of the bytes does not sever the reach. The Sydney region, the local availability zone, the reassuring map with a pin in it, none of it touches the question, because the question was never geography. It was corporate nationality. Friday proved the root is live. The CLOUD Act is simply the same root with the instrument pointed at your data rather than at your access.

There is a third instrument worth one sentence, offered as context and not as proof. The restricted sibling model, Mythos 5, reaches its few approved partners through Project Glasswing, a program Anthropic runs in collaboration with the US government, which shows how closely a frontier provider already sits to the state whose orders it must obey. Compulsion through the CLOUD Act, denial through export control, cooperation through Glasswing. Three different levers, one hand resting on all of them.

THE EXPOSURE

Sovereign at every layer but one

So route an Australian institution's workload to a model delivered by a US incorporated company, and that workload sits inside US jurisdiction however sovereign the surrounding stack is sold to be. This is the gap I keep finding in sovereignty pitches. The infrastructure layer is often genuinely Australian. The model menu beneath it is not. Somewhere on that menu sits a US incorporated provider reachable by API, and the moment a workload touches it, residency stops being the relevant fact. The stack can be sovereign at every layer a brochure shows you and foreign at the one layer that settles the jurisdictional question.

NOT THEORETICAL

The reassurance that did not survive the weekend

The standard reassurance has always been that this exposure is theoretical. No compelled disclosure is known, the argument runs, so the risk is a lawyer's hypothetical. That reassurance did not survive the weekend. There is now a dated, executed act of US state power exercised over an AI provider, reaching through it to every foreign user it has. By several accounts it is the first time the US government has forced a leading AI company to pull a publicly deployed model. And the company itself disagreed that the stated grounds warranted the action, which is the most important detail of all. The decision was not the provider's to make. When the state directs, the provider complies, whatever it thinks of the reasoning. That is what jurisdiction means, and it stopped being theoretical on Friday evening.

DISCLOSURE

I am inside my own thesis

Now the objection you should be forming, because I am living it as I write. AustraliaOS uses Claude. I am building an argument about US reach over US incorporated providers, and I am a foreign national, which as of Friday means I am barred by nationality from the very models this piece is about.

I am not going to paint over that. I am going to stand in it, because it is the cleanest evidence I have.

The work I put through Claude is analysis of public source material: legislation, corporate filings, ASIC records, AusTender data, facts already on the public record. US reach over those sessions is real. The consequence is close to nothing, because the content is public source reasoning and not a client's confidential file. Real and immaterial, and I can hold both halves of that sentence without flinching, because I did the accounting instead of the avoidance. The day an engagement would route a client's regulated material through a US incorporated model, the exposure stops being immaterial and this defence collapses, so that line does not get crossed. Public source analysis, yes. Client confidential data through a foreign reachable provider, no. Hold the boundary and the contradiction stays rhetorical. Cross it and it turns operational, and I would be selling the very thing I diagnose.

THE THESIS

What sovereign has to mean

The thesis was never avoid American tools. The tools are extraordinary, and a model the US government judged too powerful to leave in foreign hands is proof of exactly how extraordinary. The thesis is narrower and harder to live than that. Name the exposure. Account for it honestly. And do not call a thing sovereign that a letter from Washington can reach, whether that letter compels your data or simply switches you off. A better model does not earn the label. Only an honest map of the jurisdiction does.

REFERENCES

Sources

Anthropic 2026a, Claude Fable 5 and Claude Mythos 5, Anthropic, 9 June, https://www.anthropic.com/news/claude-fable-5-mythos-5

Anthropic 2026b, Statement on the US government directive to suspend access to Fable 5 and Mythos 5, Anthropic, 12 June, https://www.anthropic.com/news/fable-mythos-access

Clarifying Lawful Overseas Use of Data Act 2018, Pub L No 115-141, div V, 132 Stat 1213 (US), codified at 18 USC 2713

NBC News 2026, Anthropic suspends new AI models after government directive, 12 June, https://www.nbcnews.com/tech/tech-news/anthropic-suspends-new-ai-models-fable-mythos-government-directive-rcna349901

TIME 2026, Anthropic pulls its most powerful AI models after US bars foreign access, 13 June, https://time.com/article/2026/06/13/anthropic-fable-mythos-ban-US-security/

United States Department of Justice 2019, Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act, US Department of Justice, Washington DC

Brunel Al-Bijwaie
Director, AustraliaOS